On Mon, Aug 11, 2014 at 05:13:00PM +0200, DEXTER wrote:
> > Sesssion tickets should NOT be stored on the server side, only the
> > encryption keys are stored, these should be rotated from time to
> > time. Postfix rotates the encryption keys once an hour, but stores
> > two sets of keys, the previous and the current, so it can validate
> > any unexpired sessions across key rotation.
>
> Hmm.. maybe I worded this poorly, I meant to say
> you store the key (key->aes_key, key->hmac_key, key->expire_time) with
> the key_name, so later when it is called with enc=0 you can retreive
> those and can call EVP_DecryptInit_ex.
Correct, however one set of keys encrypts and decrypts many sessions.
> And every new session (enc=1) gets a new key (aes_key, hmac_key) and key_name.
> Isn't this the case?
No, generally you re-use previously generated keys, otherwise you
lose much of the advantage of "stateless resumption". However,
along with each keyset you associated some suitable TTL, and you
stop signing new sessions with a keyset that is expiring, while
keeping it in memory long enough to decrypt any previously signed
sessions.
So each keyset lives in memory for 2 * encryption-TTL, where the
encryption-TTL is also the maximum session lifetime, but is only
used to encrypt new sessions for 1 * encryption-TTL. This means
you only have 2 keysets in memory, the current and previous.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
